Author: Aghazair Abdıyev

Prevent domain users from join/disjoin a domain

Prevent domain users from join/disjoin a domain Domain users who are members of the local Administrators group on their computers can, if they wish, withdraw their computers from the domain. This, of course, is not very good, because it means that the user can transfer his machine to an “unmanaged” state (group policies do not work on PCs), and this can lead to a decrease in their security and security of user data stored on them.   How can users be banned from “expelling” their computers from a domain? Unfortunately, it’s problematic to make this simple modification of user...

Read More

How to troubleshoot printer problems

How to troubleshoot printer problems in Windows 7,8,10 The techniques discussed below will help clear the print queue in any version of Windows, whether it is Windows 7, 8 or Windows 10. Consider the peculiarities of cleaning “hung” print queue in Windows systems. This technique allows you to remove from the queue documents that for some reason are not printed and interfere with the printing of other files and documents. A “soft” method of cleaning the current print queue for a printer is performed from the Control Panel window (Control Panel -> Devices and Printers). In the list of...

Read More

How to format a USB flash drive using extended FAT (ExFAT)

How to format a USB flash drive using extended FAT (ExFAT) Extended FAT (ExFAT) is a new file system supported by Windows Vista and Windows Server 2008. ExFAT is designed mainly for removable media such as USB flash drives. Such information carriers are usually used as FAT or FAT32 as a file system, but these file systems have a number of limitations. For example, in FAT32, the maximum size of a single file is 4 GB, and Windows limits the maximum size of a FAT32 volume of 32 GB. FAT imposes even greater restrictions on file size and volume...

Read More

How to delegate administration of the RODC controller

How to delegate administration of the RODC controller This article explains how you can delegate the administration of the RODC controller (read-only controller) to domain users. The RODC contains a read-only copy of the Active Directory database. The RODC is designed for places where administrators have little knowledge of Active Directory. The user or even the domain administrator cannot perform LDAP write operations on the RODC. It is understood that the write operation is only for the domain database or the Ntds.dit RODC file, but the server itself still needs to be managed by a person for maintenance and such purposes, as installing patches, updating anti-virus databases, etc. These tasks can only be performed with local administrator privileges on a member server, but RODC controllers do not have local administrators, since they are part of an Active Directory domain. You can assign domain user rights to perform maintenance tasks on the RODC by executing the following commands on the RODC server: Type Dsmgmt and press Enter. Type Add user_name Administrators This command will end with the message “The command completed successfully.” The above actions add an entry to the following address in the registry: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ RODCRoles The registry value (RODCRoles) contains a list of user accounts that can manage the RODC for maintenance purposes....

Read More

DDNS on domain controllers

DDNS on domain controllers This article will tell you about registry keys that are responsible for whether your DCs use Dynamic DNS (Dynamic DNS) to register records on DNS servers or not. Domain controllers register or update their DNS records on DNS servers every hour. He does this with DDNS (Dynamic DNS). Dynamic DNS must be enabled on the domain controller, after which they will be able to register their DNS records dynamically. You can find out whether domain controllers use Dynamic DNS to register / update their records on the DNS server by viewing the following registry key: Section Name: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Netlogon \ Parameter Parameter Name: UseDynamicDns Type: REG_DWORD Value: 0 (disabled) 1 (enabled) Always check the above option if domain controllers do not perform dynamic...

Read More